MIT krb5: Multiple vulnerabilities
— GLSA 200409-09

MIT krb5 contains several double-free vulnerabilities, potentially allowing
the execution of arbitrary code, as well as a denial of service
vulnerability.

Affected Packages

Package: app-crypt/mit-krb5 on all architectures
Affected versions: < 1.3.4
Unaffected versions: >= 1.3.4

Background

MIT krb5 is the free implementation of the Kerberos network authentication
protocol by the Massachusetts Institute of Technology.

Description

The implementation of the Key Distribution Center (KDC) and the MIT krb5
library contain double-free vulnerabilities, making client programs as well
as application servers vulnerable.

The ASN.1 decoder library is vulnerable to a denial of service attack; this
also affects the KDC.

Impact

The double-free vulnerabilities could allow an attacker to execute
arbitrary code on a KDC host and hosts running krb524d or vulnerable
services. In the case of a KDC host, this can lead to a compromise of the
entire Kerberos realm. Furthermore, an attacker impersonating a legitimate
KDC or application server can potentially execute arbitrary code on
authenticating clients.

An attacker can cause a denial of service for a KDC or application server.
Clients can also be affected if the attacker impersonates a legitimate KDC
or application server.